Security News

Medibank hack turned into a data breach: The attackers are demanding money
2022-10-21 10:57

Medibank, Australia's largest private health provider, has confirmed that last week's "Cyber incident" has resulted in a data breach. Medibank Group took action: they engaged cyber security firms and began "Isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss."

Cops swoop after crooks use wireless keyfob hack to steal cars
2022-10-18 06:27

Europol this week said it has arrested 31 people in a crackdown on a car-theft ring that developed and used a technique to steal keyless vehicles. The thieves were apparently able to update or manipulate the cars' software so that the doors could be opened and engine started without needing the owner's wireless keyfob.

Ex-WSJ reporter says he was framed in elaborate 'hack-and-smear' operation
2022-10-18 01:37

The leaked emails, according to Solomon's lawsuit, "Presented suggestive language creating a wrongful appearance of alleged improper, unethical and/or fraudulent dealings between Mr Solomon and Mr Azima that never occurred." For one, Georgia ceased its visa-free policy for Iranian nationals in July that year, and froze 150 Iranian bank accounts in the country, Solomon's complaint stated.

What the Uber Hack can teach us about navigating IT Security
2022-10-13 14:05

Uber's security compromise earlier this month is an unfortunate result of concerns left over from an attack the company sustained in 2016 when a pair of hackers outside of Uber accessed user data that was stored on a 3rd-party server. While MFA can guard against attacks using stolen credentials, that doesn't protect against what could happen if a hacker has credentials and uses them for a more advanced attack.

Optus Hack Exposes Data of Nearly 2.1 Million Australian Telecom Customers
2022-10-04 07:06

Australian telecom giant Optus on Monday confirmed that nearly 2.1 million of its current and former customers suffered a leak of their personal information and at least one form of identification number as a result of a data breach late last month. "Approximately 1.2 million customers have had at least one number from a current and valid form of identification, and personal information, compromised," Singtel said in an announcement made on its website.

Russian retail chain 'DNS' confirms hack after data leaked online
2022-10-03 18:35

Russian retail chain 'DNS' disclosed yesterday that they suffered a data breach that exposed the personal information of customers and employees. While the firm has not provided details on what information was compromised, it clarified that the hackers didn't steal user passwords and payment card data, as that data isn't stored on their systems.

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks
2022-09-29 09:56

Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. The company said it has also witnessed sharing of proxies and open VPN servers to get around censorship and reports on the internet status in the country, with one group helping the anti-government demonstrators access social media sites.

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely
2022-09-28 05:03

One of them concerns CVE-2022-36934, a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and WhatsApp Business for Android and iOS prior to versions 2.22.16.12.

UK Police arrests teen believed to be behind Uber, Rockstar hacks
2022-09-23 17:58

The City of London police announced on Twitter today the arrest of a British 17-year-old teen suspected of being involved in recent cyberattacks. While there are no details about the investigation, the arrest is believed to be tied to the Lapsus$ hacking group, which is suspected to be behind recent cyberattacks on Uber, Rockstar Games, and 2K. During last year's attacks, the Lapsus$ hacking group was said to be led by a threat actor named 'White' or 'BreachBase,' who was doxxed as allegedly a 16-year-old teen from the UK. This hacking group is responsible for numerous high-profile attacks, including Microsoft, Cisco, NVIDIA, Samsung, and Okta.

Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts
2022-09-23 14:04

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication codes by impersonating the CircleCI DevOps platform. The fraudulent messages claim to notify users that their CircleCI sessions have expired and that they should log in using GitHub credentials by clicking on a link.